Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / f034f0cdddc39ff1c187c502e28bb9367cfc79f3 / . / src / main-firewall.cpp
blob: 5772f2fc4c4b3d0230104e76bf7bba40678b95c0 [file] [log] [blame]
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]1#include <boost/process.hpp>
2#include <docopt.h>
3#include <spdlog/sinks/ansicolor_sink.h>
4#include <spdlog/spdlog.h>
Václav Kubernát7efd6d52021-11-09 01:31:11 +0100[diff] [blame]5#include <sysrepo-cpp/Connection.hpp>
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]6#include <unistd.h>
7#include "VELIA_VERSION.h"
8#include "firewall/Firewall.h"
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]9#include "system_vars.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]10#include "utils/exceptions.h"
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]11#include "utils/exec.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]12#include "utils/journal.h"
13#include "utils/log-init.h"
Václav Kubernát6018f082021-02-11 01:32:18 +0100[diff] [blame]14#include "utils/log.h"
Tomáš Pecka41784702021-05-26 13:57:32 +0200[diff] [blame]15#include "utils/sysrepo.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]16#include "utils/waitUntilSignalled.h"
17
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]18static const char usage[] =
19 R"(Bridge between sysrepo and nftables.
20
21Usage:
22 veliad-firewall
23 [--sysrepo-log-level=<Level>]
24 [--firewall-log-level=<Level>]
25 veliad-firewall (-h | --help)
26 veliad-firewall --version
27
28Options:
29 -h --help Show this screen.
30 --version Show version.
31 --firewall-log-level=<N> Log level for the firewall [default: 3]
Václav Kubernát5f57dec2021-02-11 02:02:46 +0100[diff] [blame]32 --sysrepo-log-level=<N> Log level for the sysrepo library [default: 2]
33 (0 -> critical, 1 -> error, 2 -> warning, 3 -> info,
34 4 -> debug, 5 -> trace)
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]35)";
36
37int main(int argc, char* argv[])
38{
39 std::shared_ptr<spdlog::sinks::sink> loggingSink;
40 if (velia::utils::isJournaldActive()) {
41 loggingSink = velia::utils::create_journald_sink();
42 } else {
43 loggingSink = std::make_shared<spdlog::sinks::ansicolor_stderr_sink_mt>();
44 }
45
Tomáš Peckac50ec9e2021-01-27 12:22:42 +0100[diff] [blame]46 auto args = docopt::docopt(usage, {argv + 1, argv + argc}, true, "veliad-firewall " VELIA_VERSION, true);
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]47
48 velia::utils::initLogs(loggingSink);
Tomáš Pecka41784702021-05-26 13:57:32 +0200[diff] [blame]49 velia::utils::initLogsSysrepo();
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]50 spdlog::set_level(spdlog::level::info);
51
52 try {
53 spdlog::get("firewall")->set_level(parseLogLevel("Firewall logging", args["--firewall-log-level"]));
54 spdlog::get("sysrepo")->set_level(parseLogLevel("Sysrepo library", args["--sysrepo-log-level"]));
55
Václav Kubernát7efd6d52021-11-09 01:31:11 +0100[diff] [blame]56 auto srConn = sysrepo::Connection{};
57 auto srSess = srConn.sessionStart();
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]58 velia::firewall::SysrepoFirewall firewall(srSess, [] (const auto& config) {
59 spdlog::get("firewall")->debug("running nft...");
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]60 velia::utils::execAndWait(spdlog::get("firewall"), NFT_EXECUTABLE, {"-f", "-"}, config);
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]61
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]62 spdlog::get("firewall")->debug("nft config applied.");
63 });
64
65 waitUntilSignaled();
66
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]67 return 0;
68 } catch (std::exception& e) {
69 velia::utils::fatalException(spdlog::get("main"), e, "main");
70 }
71}